Push‑Notification Privacy Notice (OneSignal)
Effective Date: 22 Nov 2025
1. What We Collect
When you visit our website and choose to allow push notifications, the following data is collected and processed by OneSignal Ltd. (the service provider that powers our notifications):
| Data Category | Purpose |
|---|---|
| Device token / subscription ID (generated by your browser or mobile OS) | Enables us to deliver push notifications to your device. |
| Browser / platform information (e.g., Chrome, Safari, Android, iOS) | Determines the correct delivery method and format. |
| IP address (at time of subscription) | Helps prevent abuse and fraud; not used to identify you personally. |
| Language preference (if provided by the browser) | Sends notifications in your preferred language when possible. |
| Interaction data (whether you click, dismiss, or ignore a notification) | Allows us to improve relevance and frequency of future mesages. |
| Optional custom data (e.g., campaign tags you may be added to) | Used only for segmentation of notification campaigns you have opted into. |
No personal identifiers such as name, email address, or payment information are collected by OneSignal unless you explicitly provide them in a notification’s custom payload (which we do not do by default).
2. How We Use the Data
- Deliver notifications you have opted to receive (e.g., new blog posts, product updates).
- Measure delivery success (sent, delivered, opened, clicked).
- Maintain security (detect duplicate subscriptions, block malicious activity).
- Improve the service (aggregate, anonymized statistics on notification performance).
3. Data Sharing & Transfers
- The data listed above is shared only with OneSignal for the purpose of delivering notifications.
- OneSignal may store the data on servers located outside the European Economic Area (EEA). They employ standard contractual clauses and industry‑standard encryption to safeguard the information.
- We do not sell or otherwise disclose your subscription data to third parties for marketing purposes.
4. Retention Period
- Device tokens are retained until you unsubscribe (via the “Manage Subscriptions” page or by revoking permission in your browser/device settings).
- Interaction logs are kept for up to 12 months* for analytics and security monitoring, after which they are automatically deleted or aggregated.
5. Your Rights
- Withdraw consent at any time by clicking the “Unsubscribe” link in any notification or visiting our Manage Subscriptions page.
- Delete your data by revoking push‑notification permission in your browser or device settings; this removes the token from OneSignal’s records.
- Request access, correction, or deletion of any personal data we may hold by contacting us at privacy@yourdomain.com.
6. Security Measures
- All communication between your browser/device and OneSignal’s servers is encrypted via HTTPS/TLS.
- Tokens are stored in OneSignal’s secure database with access limited to authorized personnel only.
- We regularly review OneSignal’s security certifications (e.g., ISO 27001, SOC 2) to ensure compliance.
7. Links to Further Information
- OneSignal’s full privacy policy: https://onesignal.com/privacy-policy
- Our overall website privacy policy (where this notice is embedded): https://yourdomain.com/privacy
If you have any questions about this notice or wish to exercise your rights, please contact us
Data‑Protection Policy – Contact‑Form Submissions
Effective Date: 22 Nov 2025
1. Scope & Purpose
This policy explains how we ( [Your Company Name], [Your Company Legal Entity], [Your Domain] ) collect, use, store, protect, and share the personal data you provide when you contact us through any of our online forms (e.g., “Contact Us,” “Support Request,” “Quote Request”) that require an email address.
2. Personal Data Collected
| Data Item | Why We Collect It | Legal Basis |
|---|---|---|
| Email address | To reply to your inquiry, send requested information, and provide customer support. | Consent (you voluntarily submit the form) or Legitimate Interest (providing a service you requested). |
| Name (optional) | Personalises our response. | Consent. |
| Phone number (optional) | Optional follow‑up via telephone. | Consent. |
| Message content | Understand the nature of your request. | Consent. |
| IP address & browser metadata (automaticaly logged) | Security, spam prevention, and troubleshooting. | Legitimate Interest. |
| Cookies / tracking IDs (if you interact with a follow‑up link) | Analytics of form usage. | Consent (via cookie banner) or Legitimate Interest (if anonymised). |
We never collect financial data, passwords, or any other sensitive personal data through the contact form.
3. How We Use the Data
- Respond to your inquiry – draft and send a reply to the email address you provided.
- Customer‑service workflow – route the message to the appropriate department or staff member.
- Record‑keeping – retain a copy of the correspondence for quality‑control, dispute resolution, and legal compliance.
- Security & anti‑spam – analyse IP addresses and patterns to block bots or abusive behaviour.
- Analytics (optional) – aggregate, anonymised statistics on volume of contacts, response times, etc. (no personal identifiers are retained in these reports).
We do not use your email address for marketing newsletters or promotional mailings unless you explicitly opt‑in to a separate mailing‑list subscription.
4. Data Retention
| Data | Retention Period |
|---|---|
| Email address & associated message | 24 months after the last interaction, then securely deleted or fully anonymised. |
| Optional name / phone number | Same as above (24 months). |
| IP address & metadata (for security) | 90 days (or longer if required for a security investigation). |
| Aggregated analytics data | Indefinitely (as it contains no personal identifiers). |
Retention periods can be shortened upon a valid request (see § 7).
5. Data Storage & Security
- All data is stored on encrypted databases hosted in a ISO 27001‑certified data centre (EU‑US‑compliant).
- Transmission between your browser and our server uses TLS 1.3 (HTTPS).
- Access to the contact‑form data is restricted to employees who need it to fulfil the request; all access is logged and reviewed regularly.
- We employ routine vulnerability scanning, firewalls, and intrusion‑detection systems to protect against unauthorised access.
6. Data Sharing & Transfers
- Third‑party processors – We may share the data with a cloud‑hosting provider or ticketing system (e.g., Zendesk, Freshdesk) solely for processing your request. These processors are bound by strict data‑processing agreements that mirror the protections required by GDPR/CCPA.
- Legal disclosures – We will disclose personal data only if compelled by a valid court order, subpoena, or other lawful process.
- International transfers – If any processor is located outside the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) or an equivalent adequacy mechanism to ensure an adequate level of protection.
7. Your Rights
Depending on your jurisdiction, you have the following rights regarding your personal data:
| Right | |
|---|---|
| Access – obtain a copy of the data we hold about you. | |
| Rectification – correct inaccurate or incomplete data. | |
| Erasure (“Right to be Forgotten”) – delete your data. | |
| Restriction of Processing – limit how we use your data. | |
| Data Portability – receive your data in a structured, machine‑readable format. | |
| Object – object to processing based on legitimate interests. | |
| Withdraw Consent – stop any future processing based on consent. | |
| Complaint – lodge a complaint with a supervisory authority. |
We will respond to any request within 30 days (or the period required by applicable law). If we need more time, we will inform you of the extension and reasons.
8. Cookies & Tracking (Related to the Contact Form)
If you interact with any follow‑up links or download resources after submitting the form, we may place strictly necessary cookies (session ID) and analytics cookies (Google Analytics, Matomo, etc.) only after you have given consent via our cookie banner. Those cookies are governed by our separate Cookie Policy.
9. Children’s Privacy
Our contact form is not intended for children under 16 (or the age of digital consent in your jurisdiction). If we discover that we have inadvertently collected personal data from a child, we will delete it promptly.
10. Updates to This Policy
We may revise this policy to reflect changes in law, technology, or business practices. The effective date at the top indicates the latest revision. Continued use of the contact form after a change constitutes acceptance of the updated policy.
Contact us
If you have any questions, concerns, or requests regarding this policy or your personal data, please contact us.